[Owasp-modsecurity-core-rule-set] Need Inputs for Validating Multilingual Charset
ssharma4 at sapient.com
Wed Apr 2 11:26:25 UTC 2014
Thanks Ryan. After adding t:utf8toUnicode,t:urlDecodeUni its working.
From: Ryan Barnett [mailto:RBarnett at trustwave.com]
Sent: Tuesday, April 01, 2014 7:09 PM
To: Suraj Sharma; owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Need Inputs for Validating Multilingual Charset
The two main configuration items you need to use are -
SecUnicodeMapFile directives -
apFile. This will set your language code point for use by t:urlDecodeUni.
Use t:utf8toUnicode,t:urlDecodeUni to map multi-byte characters into the
proper Unicode points.
See these references -
Lead Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
On 4/1/14 9:07 AM, "Suraj Sharma" <ssharma4 at sapient.com> wrote:
>Need your help in creating rules for supporting multilingual character
>set. Our current site is supported for English characters only , we would
>like validate all the other language data as well but disallow characters
>like ;"/< etc. Is it possible to build a generic rule to support all the
>native language character set ?
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
More information about the Owasp-modsecurity-core-rule-set